CLAIMS 

We claim: 

1. In a computerized network environment including a client system, a network 
provider, and one or more devices that can be accessed locally or over a network, a 
method for providing the client system access to one or more of the devices through 
the network provider, the method comprising the following: 

an act of identifying one or more devices that can be accessed; 

an act of generating a target that identifies at least one of the one or more 
devices, and that includes at least one corresponding device identifier; 

an act of associating client authorization information identified by the network 
provider with the target that identifies the at least one device; and 

an act of assigning the target to a port through a protocol-independent port 
driver at the network provider. 

2. The method as recited in claim 1 , wherein the at least one of the one or more 
devices can be accessed locally through a local access protocol. 

3. The method as recited in claim 1, wherein the at least one of the one or more 
devices is a network device that can be accessed on a network through a network 
access protocol. 

4. The method as recited in claim 1, wherein the act of identifying one or more 
devices further includes an act of creating one or more devices that can be accessed 
over the network. 

5. The method as recited in claim 4, wherein the act of creating one or more 
devices includes an act of identifying a at least one of a partition and file, wherein the 
at least one of a partition and file represents at least a portion of one of the one or more 
devices, and wherein the at least one of a partition and file can be configured by the 
network provider to provide the client modifiable access to the portion of the one of 
the one or more devices. 
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6. The method as recited in claim 1, further comprising an act of providing client 
access to one or more of a port, a WWN, and a portal through the protocol- 
independent port driver, such that the protocol-independent port driver is accessed 
through one or more protocol-dependent mini-ports. 

7. The method as recited in claim 6, wherein the protocol-independent port driver 
and one or more protocol-dependent mini-port drivers are managed by the centralized 
service, and wherein the one or more protocol-dependent miniport drivers plug-in to 
the protocol-independent port driver. 

8. The method as recited in claim 7, wherein at least one of the one or more 
protocol-dependent miniport drivers communicates through one or more of an 
Ethernet, Token Ring, fiber channel, USB, or wireless protocol. 

9. The method as recited in claim 1, wherein the at least one device is a virtual 
SCSI device that can be accessed through an iSCSI protocol. 

10. The method as recited in claim 9, wherein the virtual SCSI device is a storage 
device, and the network comprises a storage area network. 

1 1 . The method as recited in claim 10, wherein the storage device is one or more of 
an internal or external magnetic storage medium, an optical storage medium, and a 
tape backup drive. 

12. The method as recited in claim 1, wherein the network provider manages one or 
more targets, one or more drivers, and authentication information for one or more 
clients through a centralized directory service. 
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^ 05 or more of a device, a plug-and-play identifier for a device, a global unique identifier 

for a device; a device driver that interfaces with a device; and at least one of a partition 
and file that represents a portion of a device. 
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15. In a computerized network environment including a client system, a network 
provider, and one or more devices that can be accessed locally or over a network, , a 
computer program product comprising computer-executable instructions for 
performing a method for providing the client system access to one or more of the 
devices over the through the network provider, the method comprising the following: 

an act of identifying one or more devices that can be accessed; 

an act of generating a target that identifies at least one of the one or more 
devices, and that includes at least one corresponding device identifier; 

an act of associating client authorization information identified by the network 
provider with the target that identifies the at least one device; and 

an act of assigning the target to a port through a protocol-independent port 
driver at the network provider. 

16. The computer program product as recited in claim 15, wherein the at least one of 
the one or more devices can be accessed locally through a local access protocol. 

17. The computer program product as recited in claim 15, wherein the at least one of 
the one or more devices is a network device that can be accessed on a network. 

18. The computer program product as recited in claim 15, wherein the act of 
identifying one or more devices further includes an act of creating one or more devices 
that can be accessed over the network 

19. The computer program product as recited in claim 18, wherein the act of 
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> 20. The computer program product as recited in claim 15, further comprising an act 

of providing client access to one or more of a port, a WWN, and a portal through the 
protocol-independent port driver, such that the protocol-independent port driver is 
accessed through one or more protocol-dependent mini-ports. 
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21. The computer program product as recited in claim 20, wherein the protocol- 
independent port driver and one or more protocol-dependent mini-port drivers are 
managed by the centralized service, and wherein the one or more protocol-dependent 
miniport drivers plug-in to the protocol-independent port driver. 

22. The computer program product as recited in claim 21 , wherein at least one of the 
one or more miniport drivers communicates through one or more of an Ethernet, 
Token Ring, fiber channel, USB, or wireless protocol. 

23. The computer program product as recited in claim 15, wherein the at least one 
device is a virtual SCSI device that can be accessed through an iSCSI protocol. 

24. The computer program product as recited in claim 23, wherein the virtual SCSI 
device is a storage device, and the network comprises a storage area network. 

25. The computer program product as recited in claim 24, wherein the storage 
device is one or more of an internal or external magnetic storage medium, an optical 
storage medium, and a tape backup drive. 

26. The computer program product as recited in claim 15, wherein the network 
provider manages one or more targets, one or more drivers, and authentication 
information for one or more clients through a centralized directory service. 

27. The computer program product as recited in claim 26, wherein the device 
identifier is identified by a target name and a LUN that has been assigned to the at 
least one device by the centralized directory service. 

28. The computer program product as recited in claim 27, wherein the LUN is 
O h * « 3 § assigned to one or more of a device identifier, a plug-and-play identifier for a device, a 
S S h 5 S g global unique identifier for a device; a device driver that interfaces with a device; and 
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29. In a computerized network environment including a client system, a network 
provider, and one or more devices that can be accessed locally or over a network, a 
method for providing the client system access to one or more of the devices over the 
through the network provider, the method comprising the following: 

an act of identifying one or more devices that can be accessed; 

an act of generating a target that identifies at least one of the one or more 
devices, and that includes at least one corresponding device identifier; 

an act of associating client authorization information identified by the network 
provider with the target that identifies the at least one device; and 

a step for exposing the at least one device to the client through a specific one of 
a network port, a WWN, and a portal, such that the client can access the 
at least one device identified by the target when the client has access to 
the specific one of a network port, a WWN, and portal,, and when the 
client presents the associated client authorization to the network 
provider. 

30. The method as recited in claim 29, wherein the step for exposing the at least one 
device to the client through a specific one of a network port, a WWN, and a portal: 

an act of assigning the target to a port through a protocol-independent port 
driver at the network provider; and 

an act of providing client access to the specific one of a port, a WWN, and a 
portal through the protocol-independent port driver, such that the 
protocol-independent port driver is accessed through one or more 
protocol-dependent mini-ports. 

31. The method as recited in claim 30, wherein the client is provided access to the 
specific one of a port, a WWN, and a portal by virtue of being authenticated at one or 
more of a local centralized service provider, and a remote authentication database. 
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32. In a computerized environment including a client computer and a storage service 
provider on a storage area network, the storage service provider comprising one or 
more storage devices, a method of providing the client computer with access to one or 
more of the storage devices on the storage service provider through an iSCSI protocol, 
the method comprising the following: 

an act of identifying one or more device identifiers corresponding to one or 
more storage devices on a storage service provider, wherein the one or 
more storage devices can each be represented by at least one of a 
physical device, a virtual device, a partition and a file; 

an act of receiving from a centralized directory service a modifiable client 
resource that identifies client authorization to access the storage device, 
and a portion of the storage device that the client can access; 

an act of creating a target containing one or more logical unit numbers that have 
been assigned to the identified device identifiers, wherein access to the 
target is provided according to the modifiable client resource; and 

an act of providing the client computer access to the storage device through a 
client-restricted port on the storage service provider, such that if the 
client has access to the client-restricted port, the client can access the 
storage device by providing the storage service provider with client 
authorization. 

33. The method as recited in claim 32, wherein centralized directory service 
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upon recognizing that the client authorization corresponds with the requested at 
least one of the one or more storage devices, and that the client is 
authorized to access the target; 

providing the client computer with access to the at least one of the one or more 
storage devices in the target. 

35. The method as recited in claim 32, wherein the client-restricted port is managed 
by the centralized service and a protocol-independent port driver that receives network 
traffic through one or more protocol-dependent mini-port drivers. 

36. The method as recited in claim 35, wherein the one or more protocol-dependent 
mini-port drivers are plug-ins to the protocol-independent port driver. 

37. The method as recited in claim 36, wherein at least one of the one or more mini- 
port drivers communicates through one or more of an Ethernet, Token Ring, USB, 
fiber channel, or wireless connection protocol. 
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